Bug 980475 - Boolean use_samba_home_dirs allows some types access to autofs_t
Boolean use_samba_home_dirs allows some types access to autofs_t
Status: CLOSED NOTABUG
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy (Show other bugs)
7.0
All Linux
unspecified Severity medium
: rc
: ---
Assigned To: Miroslav Grepl
BaseOS QE Security Team
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-02 09:49 EDT by Michal Trunecka
Modified: 2014-09-30 19:35 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-03 04:05:20 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Michal Trunecka 2013-07-02 09:49:02 EDT
Description of problem:

I think this is a mistake, because it is use_SAMBA_home_dirs and it allows access to automounted device:

> # sesearch -b use_samba_home_dirs -A -C | grep autofs_t
> DT allow mozilla_t autofs_t : dir { ioctl read getattr lock search open } ; [ mozilla_read_content use_samba_home_dirs && ]
> DT allow cdrecord_t autofs_t : dir { ioctl read getattr lock search open } ; [ cdrecord_read_content use_samba_home_dirs && ]
> DT allow mock_t autofs_t : dir { ioctl read getattr lock search open } ; [ mock_enable_homedirs use_samba_home_dirs && ]


Version-Release number of selected component (if applicable):
selinux-policy-3.12.1-56.el7.noarch

Note You need to log in before you can comment on or make changes to this bug.